Theories and Models for Internet Quality of Service

We survey recent advances in theories and models for Internet Quality of Service (QoS). We start with the theory of network calculus, which lays the foundation for support of deterministic performance guarantees in networks, and illustrate its applications to integrated services, differentiated services, and streaming media playback delays. We also present mechanisms and architecture for scalable support of guaranteed services in the Internet, based on the concept of a stateless core. Methods for scalable control operations are also briefly discussed. We then turn our attention to statistical performance guarantees, and describe several new probabilistic results that can be used for a statistical dimensioning of differentiated services. Lastly, we review recent proposals and results in supporting performance guarantees in a best effort context. These include models for elastic throughput guarantees based on TCP performance modeling, techniques for some quality of service differentiation without access control, and methods that allow an application to control the performance it receives, in the absence of network support

Advances in Internet Quality of Service

We describe recent advances in theories and architecture that support performance guarantees needed for quality of service networks. We start with deterministic computations and give applications to integrated services, differentiated services, and playback delays. We review the methods used for obtaining a scalable integrated services support, based on the concept of a stateless core. New probabilistic results that can be used for a statistical dimensioning of differentiated services are explained; some are based on classical queuing theory, while others capitalize on the deterministic results. Then we discuss performance guarantees in a best effort context; we review: methods to provide some quality of service in a pure best effort environment; methods to provide some quality of service differentiation without access control, and methods that allow an application to control the performance it receives, in the absence of network support

Pre-Congestion Notification (PCN) Architecture

This document describes a general architecture for flow admission and termination based on pre-congestion information in order to protect the quality of service of established, inelastic flows within a single Diffserv domain.\u

Mobile Ad Hoc Networks

Guiding readers through the basics of these rapidly emerging networks to more advanced concepts and future expectations, Mobile Ad hoc Networks: Current Status and Future Trends identifies and examines the most pressing research issues in Mobile Ad hoc Networks (MANETs). Containing the contributions of leading researchers, industry professionals, and academics, this forward-looking reference provides an authoritative perspective of the state of the art in MANETs. The book includes surveys of recent publications that investigate key areas of interest such as limited resources and the mobility of mobile nodes. It considers routing, multicast, energy, security, channel assignment, and ensuring quality of service. Also suitable as a text for graduate students, the book is organized into three sections: Fundamentals of MANET Modeling and Simulation—Describes how MANETs operate and perform through simulations and models Communication Protocols of MANETs—Presents cutting-edge research on key issues, including MAC layer issues and routing in high mobility Future Networks Inspired By MANETs—Tackles open research issues and emerging trends Illustrating the role MANETs are likely to play in future networks, this book supplies the foundation and insight you will need to make your own contributions to the field. It includes coverage of routing protocols, modeling and simulations tools, intelligent optimization techniques to multicriteria routing, security issues in FHAMIPv6, connecting moving smart objects to the Internet, underwater sensor networks, wireless mesh network architecture and protocols, adaptive routing provision using Bayesian inference, and adaptive flow control in transport layer using genetic algorithms

Providing guaranteed QoS in the hose-modeled VPN

With the development of the Internet, Internet service providers (ISPs) are required to offer revenue-generating and value-added services instead of only providing bandwidth and access services. Virtual Private Network (VPN) is one of the most important value-added services for ISPs. The classical VPN service is provided by implementing layer 2 technologies, either Frame Relay (FR) or Asynchronous Transfer Mode (ATM). With FR or ATM, virtual circuits are created before data delivery. Since the bandwidth and buffers are reserved, the QoS requirements can be naturally guaranteed. In the past few years, layer 3 VPN technologies are widely deployed due to the desirable performance in terms of flexibility, scalability and simplicity. Layer 3 VPNs are built upon IP tunnels, e.g., by using PPTP, L2TP or IPSec. Since IP is best-of-effort in nature, the QoS requirement cannot be guaranteed in layer 3 VPNs. Actually, layer 3 VPN service can only provide secure connectivity, i.e., protecting and authenticating IP packets between gateways or hosts in a VPN. Without doubt, with more applications on voice, audio and video being used in the Internet, the provision of QoS is one of the most important parts of the emerging services provided by ISPs. An intriguing question is: Is it possible to obtain the best of both layer 2 and 3 VPN? Is it possible to provide guaranteed or predictable QoS, as in layer 2 VPNs, while maintaining the flexibility and simplicity in layer 3 VPN? This question is the starting point of this study. The recently proposed hose model for VPN possesses desirable properties in terms of flexibility, scalability and multiplexing gain. However, the classic fair bandwidth allocation schemes and weighted fair queuing schemes raise the issue of low overall utilization in this model. A new fluid model for provider-provisioned virtual private network (PPVPN) is proposed in this dissertation. Based on the proposed model, an idealized fluid bandwidth allocation scheme is developed. This scheme is proven, analytically, to have the following properties: 1) maximize the overall throughput of the VPN without compromising fairness; 2) provide a mechanism that enables the VPN customers to allocate the bandwidth according to their requirements by assigning different weights to different hose flows, and thus obtain the predictable QoS performance; and 3) improve the overall throughput of the ISPs\u27 network. To approximate the idealized fluid scheme in the real world, the 2-dimensional deficit round robin (2-D DRR and 2-D DRR+) schemes are proposed. The integration of the proposed schemes with the best-effort traffic within the framework of virtual-router-based VPN is also investigated. The 2-D DRR and 2-D DER-+ schemes can be extended to multi-dimensional schemes to be employed in those applications which require a hierarchical scheduling architecture. To enhance the scalability, a more scalable non-per-flow-based scheme for output queued switches is developed as well, and the integration of this scheme within the framework of the MPLS VPN and applications for multicasting traffics is discussed. The performance and properties of these schemes are analyzed

Routing and Mobility on IPv6 over LoWPAN

The IoT means a world-wide network of interconnected objects based on standard communication protocols. An object in this context is a quotidian physical device augmented with sensing/actuating, processing, storing and communication capabilities. These objects must be able to interact with the surrounding environment where they are placed and to cooperate with neighbouring objects in order to accomplish a common objective. The IoT objects have also the capabilities of converting the sensed data into automated instructions and communicating them to other objects through the communication networks, avoiding the human intervention in several tasks. Most of IoT deployments are based on small devices with restricted computational resources and energy constraints. For this reason, initially the scientific community did not consider the use of IP protocol suite in this scenarios because there was the perception that it was too heavy to the available resources on such devices. Meanwhile, the scientific community and the industry started to rethink about the use of IP protocol suite in all IoT devices and now it is considered as the solution to provide connectivity between the IoT devices, independently of the Layer 2 protocol in use, and to connect them to the Internet. Despite the use of IP suite protocol in all devices and the amount of solutions proposed, many open issues remain unsolved in order to reach a seamless integration between the IoT and the Internet and to provide the conditions to IoT service widespread. This thesis addressed the challenges associated with the interconnectivity between the Internet and the IoT devices and with the security aspects of the IoT. In the interconnectivity between the IoT devices and the Internet the problem is how to provide valuable information to the Internet connected devices, independently of the supported IP protocol version, without being necessary accessed directly to the IoT nodes. In order to solve this problem, solutions based on Representational state transfer (REST) web services and IPv4 to IPv6 dual stack transition mechanism were proposed and evaluated. The REST web service and the transition mechanism runs only at the border router without penalizing the IoT constrained devices. The mitigation of the effects of internal and external security attacks minimizing the overhead imposed on the IoT devices is the security challenge addressed in this thesis. Three different solutions were proposed. The first is a mechanism to prevent remotely initiated transport level Denial of Service attacks that avoids the use of inefficient and hard to manage traditional firewalls. It is based on filtering at the border router the traffic received from the Internet and destined to the IoT network according to the conditions announced by each IoT device. The second is a network access security framework that can be used to control the nodes that have access to the network, based on administrative approval, and to enforce security compliance to the authorized nodes. The third is a network admission control framework that prevents IoT unauthorized nodes to communicate with IoT authorized nodes or with the Internet, which drastically reduces the number of possible security attacks. The network admission control was also exploited as a management mechanism as it can be used to manage the network size in terms of number of nodes, making the network more manageable, increasing its reliability and extending its lifetime.A IoT (Internet of Things) tem suscitado o interesse tanto da comunidade académica como da indústria, uma vez que os campos de aplicação são inúmeros assim como os potenciais ganhos que podem ser obtidos através do uso deste tipo de tecnologia. A IoT significa uma rede global de objetos ligados entre si através de uma rede de comunicações baseada em protocolos standard. Neste contexto, um objeto é um objeto físico do dia a dia ao qual foi adicionada a capacidade de medir e de atuar sobre variáveis físicas, de processar e armazenar dados e de comunicar. Estes objetos têm a capacidade de interagir com o meio ambiente envolvente e de cooperar com outros objetos vizinhos de forma a atingirem um objetivo comum. Estes objetos também têm a capacidade de converter os dados lidos em instruções e de as comunicar a outros objetos através da rede de comunicações, evitando desta forma a intervenção humana em diversas tarefas. A maior parte das concretizações de sistemas IoT são baseados em pequenos dispositivos autónomos com restrições ao nível dos recursos computacionais e de retenção de energia. Por esta razão, inicialmente a comunidade científica não considerou adequado o uso da pilha protocolar IP neste tipo de dispositivos, uma vez que havia a perceção de que era muito pesada para os recursos computacionais disponíveis. Entretanto, a comunidade científica e a indústria retomaram a discussão acerca dos benefícios do uso da pilha protocolar em todos os dispositivos da IoT e atualmente é considerada a solução para estabelecer a conetividade entre os dispositivos IoT independentemente do protocolo da camada dois em uso e para os ligar à Internet. Apesar do uso da pilha protocolar IP em todos os dispositivos e da quantidade de soluções propostas, são vários os problemas por resolver no que concerne à integração contínua e sem interrupções da IoT na Internet e de criar as condições para a adoção generalizada deste tipo de tecnologias. Esta tese versa sobre os desafios associados à integração da IoT na Internet e dos aspetos de segurança da IoT. Relativamente à integração da IoT na Internet o problema é como fornecer informação válida aos dispositivos ligados à Internet, independentemente da versão do protocolo IP em uso, evitando o acesso direto aos dispositivos IoT. Para a resolução deste problema foram propostas e avaliadas soluções baseadas em web services REST e em mecanismos de transição IPv4 para IPv6 do tipo pilha dupla (dual stack). O web service e o mecanismo de transição são suportados apenas no router de fronteira, sem penalizar os dispositivos IoT. No que concerne à segurança, o problema é mitigar os efeitos dos ataques de segurança internos e externos iniciados local e remotamente. Foram propostas três soluções diferentes, a primeira é um mecanismo que minimiza os efeitos dos ataques de negação de serviço com origem na Internet e que evita o uso de mecanismos de firewalls ineficientes e de gestão complexa. Este mecanismo filtra no router de fronteira o tráfego com origem na Internet é destinado à IoT de acordo com as condições anunciadas por cada um dos dispositivos IoT da rede. A segunda solução, é uma framework de network admission control que controla quais os dispositivos que podem aceder à rede com base na autorização administrativa e que aplica políticas de conformidade relativas à segurança aos dispositivos autorizados. A terceira é um mecanismo de network admission control para redes 6LoWPAN que evita que dispositivos não autorizados comuniquem com outros dispositivos legítimos e com a Internet o que reduz drasticamente o número de ataques à segurança. Este mecanismo também foi explorado como um mecanismo de gestão uma vez que pode ser utilizado a dimensão da rede quanto ao número de dispositivos, tornando-a mais fácil de gerir e aumentando a sua fiabilidade e o seu tempo de vida